CISA Warns of Hackers Targeting Critical Oil Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the increasing threat of hackers targeting critical oil infrastructure in the United States. According to CISA, these attackers are using basic tactics to compromise industrial control systems (ICS) and operational technology (OT) equipment, which could lead to significant consequences, including physical damage and disruptions.

CISA notes that despite the simplicity of these attacks, they can have a profound impact on critical infrastructure organizations. "CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems," the agency stated. "Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions, and, in severe cases, physical damage."

In a joint advisory issued with the FBI, EPA, and DOE, CISA shared detailed guidance to help network defenders reduce the risk of potential breaches. The agency advised security teams to ensure that their organizations' attack surface is as small as possible by removing public-facing OT devices from the internet, as these devices are vulnerable to hacking attempts.

CISA also recommended changing default passwords to unique and strong ones and securing remote access to OT assets using a virtual private network (VPN) featuring phishing-resistant multifactor authentication (MFA). The agency emphasized the importance of segmenting IT and OT networks using demilitarized zones to separate local area networks from untrusted networks.
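The four mitigations above (no internet-facing OT devices, no default credentials, remote access only through a VPN with phishing-resistant MFA, and IT/OT separation through a DMZ) lend themselves to a repeatable check. The script below is an added example, not code from the article or from CISA: it audits a constructed asset inventory and a constructed zone-to-zone firewall policy and reports which mitigation each asset or rule violates. The field names, the sample inventory, and the "internal address space" heuristic (anything outside the RFC 1918 ranges is treated as internet-reachable) are assumptions; a production audit would use external scan results or the asset system's own reachability data instead.

```python
# Added example (not CISA's or the article's code): audit a constructed OT
# asset inventory and zone-to-zone firewall policy against the advisory's
# four mitigations. Field names and sample data are hypothetical.
import ipaddress

# Constructed sample inventory; addresses are documentation ranges, not real hosts.
ASSETS = [
    {"name": "plc-01",  "ip": "203.0.113.10", "zone": "ot",  "default_creds": True,  "remote_access": "direct"},
    {"name": "hmi-02",  "ip": "10.20.0.5",    "zone": "ot",  "default_creds": False, "remote_access": "vpn+fido2"},
    {"name": "hist-01", "ip": "10.30.0.9",    "zone": "dmz", "default_creds": False, "remote_access": "vpn+totp"},
    {"name": "eng-ws",  "ip": "10.10.0.7",    "zone": "it",  "default_creds": False, "remote_access": "none"},
]

# Constructed allow rules as (source zone, destination zone) pairs.
FIREWALL_RULES = [("it", "dmz"), ("dmz", "ot"), ("it", "ot")]

# Address space the organisation treats as internal (assumption: RFC 1918 only);
# anything outside it counts as internet-reachable for this simplified check.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Second factors that bind the authentication to the origin and so resist phishing.
PHISHING_RESISTANT = {"fido2", "webauthn", "piv"}


def is_internet_exposed(ip: str) -> bool:
    """True when the address falls outside every internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def audit_asset(asset: dict) -> list[str]:
    """Return the mitigation gaps for one asset, in a fixed order."""
    findings = []
    if asset["zone"] == "ot" and is_internet_exposed(asset["ip"]):
        findings.append("ot-device-internet-exposed")
    if asset["default_creds"]:
        findings.append("default-credentials")
    ra = asset["remote_access"]
    if ra == "direct":
        findings.append("remote-access-bypasses-vpn")
    elif ra.startswith("vpn+") and ra.split("+", 1)[1] not in PHISHING_RESISTANT:
        findings.append("mfa-not-phishing-resistant")
    return findings


def audit_segmentation(rules) -> list[tuple[str, str]]:
    """Flag any direct IT<->OT flow; traffic should cross only through the DMZ."""
    return [(src, dst) for src, dst in rules if {src, dst} == {"it", "ot"}]


def audit(assets, rules) -> dict:
    """Combine per-asset and segmentation findings into one report."""
    asset_findings = {a["name"]: f for a in assets if (f := audit_asset(a))}
    return {"assets": asset_findings, "direct_it_ot_rules": audit_segmentation(rules)}


if __name__ == "__main__":
    import json
    print(json.dumps(audit(ASSETS, FIREWALL_RULES), indent=2))
```

Run against the sample data, the report flags the exposed PLC on all three asset checks, the historian for its TOTP-based MFA, and the single rule that lets IT reach OT without passing through the DMZ; the engineering workstation and the HMI come back clean.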

"Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested to ensure safe manual operations in the event of an incident," the agencies said. "The authoring organizations recommend that critical infrastructure organizations regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance as they work to secure their OT."

This advisory comes after CISA and EPA warned water facilities to secure their Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks in December. Three months earlier, the U.S. cybersecurity agency also said threat actors were trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using default credentials and "unsophisticated" methods like brute force attacks.

As the threat landscape continues to evolve, it is essential for critical infrastructure organizations to stay vigilant and take proactive measures to secure their OT systems. By following CISA's guidelines and best practices, these organizations can significantly reduce the risk of potential breaches and protect their operations from disruptions.

Conclusion

The threat of hackers targeting critical oil infrastructure is a pressing concern for the organizations that operate it, and the advisory's central point is that the fixes are basic: removing OT devices from the internet, replacing default credentials, putting remote access behind a VPN with phishing-resistant MFA, and segmenting IT from OT close off the techniques these actors rely on and reduce the risk of operational disruption.